The latest signed campaign uses SHOECORP LIMITED corporate certificates to trick anti-viruses and download malware.
Technical analysis by the Malware Hunter JAMESWT
New Dridex campaign with an Amazon theme. The bait is a shipping receipt attached as an .xlsm file. If opened, the file contacts a random link from an internal list and downloads a DLL, which starts the malware infection.
Dridex is using the Amazon brand for a new global campaign. The bait is a fake shipment with a receipt attached to the email. The attachment is an .xlsm file which, when opened, contacts a random link from an internal list and downloads a DLL. That starts the malware infection chain. Dridex is a very dangerous banking Trojan used by cybercriminals, and it has long featured in campaigns all over the world, especially courier-themed ones. The targets are mainly companies, but not only.
The fake Amazon mail
The image of the false invoice